CVE-2007-1995
quagga
EPSS 2.5%
Description
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
How to fix CVE-2007-1995
To remediate CVE-2007-1995, upgrade the affected package to one of the fixed versions listed below.
- Debian/quagga—upgrade to 0.99.6-5 or later
- Debian/quagga—upgrade to 0.98.3-7.4 or later
Is CVE-2007-1995 being exploited?
Low — EPSS is 2.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/quagga: from 0, < 0.99.6-5
- Debian/quagga: from 0, < 0.98.3-7.4